fnaf-plus-5[.]5[.]zip

Resubmissions

20/12/2023, 00:56

231220-baq4gadccr 3

Sharing

Copy URL Twitter E-mail

General

Target

fnaf-plus-5.5.zip
Size

336.7MB
MD5

5bde0782b9153a8e47ebc14b5f541825
SHA1

c7df6bb673abf063ceaf82229a826854cde6d23b
SHA256

258d4b6e4aa59b056583ff6372f0c773c002f4df3d88719ba66eb02b1fbadbfc
SHA512

f7aa862c0ef612e001bb21c3c479d68b9db3c8b456ab10b20e45574ad45396546b2639888f40c5a17e36bf13f298798d4d9df3f79feadc8ad9632f1bedf77fd2
SSDEEP

6291456:z6wWPFXVgKJMXk3917amBT5hX51bQ+/a5FCpr83hr040cs2QZyf:z6xXVPVtVaYNhX5m+/Br2y40WB

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fnaf plus 5.5/Modules/clickteam-circular.mvx
unpack001/fnaf plus 5.5/Modules/kcini.mfx
unpack001/fnaf plus 5.5/Modules/kcplugin.mfx
unpack001/fnaf plus 5.5/Modules/oggflt.sft
unpack001/fnaf plus 5.5/Modules/waveFlt.sft
unpack001/fnaf plus 5.5/fnafplus.exe

Files

fnaf-plus-5.5.zip
.zip

Password: infected
fnaf plus 5.5/Modules/Layer.mfx
.dll windows:5 windows x86 arch:x86

Password: infected

d82a75f35f09c2900baf6b3b35d9f046

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/11/2020, 00:00

Not After

08/01/2023, 23:59

Subject

CN=Clickteam SARL,O=Clickteam SARL,L=Boulogne Billancourt,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:8a:24:5a:10:9c:fd:93:ad:2b:21:bd:9e:ef:24:78:9f:1f:d3:91
Signer

Actual PE Digest

52:8a:24:5a:10:9c:fd:93:ad:2b:21:bd:9e:ef:24:78:9f:1f:d3:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord1036
ord1048
ord945
ord76

kernel32

WriteFile
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
HeapAlloc
HeapFree
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EndApp
EndFrame
Free
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectInfos
GetTextAlignment
GetTextCaps
GetTextClr
GetTextFont
HandleRunObject
Initialize
PauseRunObject
SelectPopup
SetTextAlignment
SetTextClr
SetTextFont
StartApp
StartFrame
UpdateEditStructure

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/cctrans.dll
.dll windows:5 windows x86 arch:x86

Password: infected

10f7671c7ae2b31eb10c6a797d2a33e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:a5:3f:b9:e4:d2:d3:75:06:fc:f3:31:68:db:11:10
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

07/12/2018, 00:00

Not After

05/12/2020, 23:59

Subject

CN=Clickteam S.A.R.L.,O=Clickteam S.A.R.L.,L=BOULOGNE BILLANCOURT,ST=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:10:d9:1b:0e:fe:f4:d0:ca:dd:07:4a:40:60:4a:e6:00:42:0f:de
Signer

Actual PE Digest

d5:10:d9:1b:0e:fe:f4:d0:ca:dd:07:4a:40:60:4a:e6:00:42:0f:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord753
ord585
ord520
ord342
ord343
ord756
ord493
ord341
ord417
ord344
ord757
ord172
ord264
ord286
ord372
ord487
ord740
ord546
ord571
ord610

winmm

timeGetTime

user32

SetWindowLongW
GetWindowLongW
CheckRadioButton
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
SendDlgItemMessageW
CheckDlgButton
wsprintfW
SetDlgItemTextW
LoadStringW
IsWindow
DestroyWindow
CreateDialogParamW

kernel32

InitializeCriticalSectionAndSpinCount
CreateFileW
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW

Exports

Exports

CreateTransition
GetModuleID
GetModuleName
GetModuleType
GetTransCount
GetTransID
GetTransMode
GetTransName
IsUnicode

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/clickteam-circular.mvx
.dll windows:4 windows x86 arch:x86

Password: infected

63689c0ff7201b0aa220fa220473dc4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
WriteFile

user32

LoadStringW
LoadIconW

msvcrt

_adjust_fdiv
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
__CxxFrameHandler
_ftol
free
_initterm
malloc

Exports

Exports

CreateMvt
GetMvtHelpFileName
GetMvtID
GetMvtIcon
GetMvtName
GetNumberOfMvts
IsUnicode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/kcini.mfx
.dll windows:5 windows x86 arch:x86

Password: infected

e2787d9a548bd0a3d6305062f94cc683

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WriteFile
ReadFile
FindClose
OpenFile
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileW
CopyFileW
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetEnvironmentVariableW
CreateDirectoryW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapAlloc
HeapFree
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
CreateFileW

user32

wsprintfW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

Exports

Exports

ContinueRunObject
CreateFromFile
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
EditDebugItem
EditObject
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetDebugItem
GetDebugTree
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetPropCheck
GetPropValue
GetProperties
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
Initialize
IsPropEnabled
LoadRunObject
PauseRunObject
ReInitRunObject
SaveRunObject
SetPropCheck
SetPropValue
UpdateEditStructure
UpdateFileNames
UsesFile
WToA

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/kcplugin.mfx
.dll windows:4 windows x86 arch:x86

Password: infected

ded1daec3a5cce9a651bb29f7c06e817

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteW

msvcrt

calloc
free
wcsrchr
_initterm
malloc
_adjust_fdiv

Exports

Exports

ContinueRunObject
CreateObject
CreateRunObject
DestroyRunObject
DisplayRunObject
GetActionCodeFromMenu
GetActionInfos
GetActionMenu
GetActionString
GetActionTitle
GetConditionCodeFromMenu
GetConditionInfos
GetConditionMenu
GetConditionString
GetConditionTitle
GetExpressionCodeFromMenu
GetExpressionInfos
GetExpressionMenu
GetExpressionParam
GetExpressionString
GetExpressionTitle
GetHelpFileName
GetInfos
GetObjInfos
GetObjectRect
GetRunObjectDataSize
GetRunObjectInfos
HandleRunObject
PauseRunObject
ReInitRunObject
UpdateEditStructure

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/mmf2d3d11.dll
.dll windows:6 windows x86 arch:x86

Password: infected

f202759cfe800e40c17c5513b9dbe690

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/11/2020, 00:00

Not After

08/01/2023, 23:59

Subject

CN=Clickteam SARL,O=Clickteam SARL,L=Boulogne Billancourt,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d6:db:4c:0d:bb:14:0a:5f:59:12:b6:22:3a:71:da:e3:99:e0:5e:d9
Signer

Actual PE Digest

d6:db:4c:0d:bb:14:0a:5f:59:12:b6:22:3a:71:da:e3:99:e0:5e:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord1121
ord751
ord624
ord397
ord395
ord919
ord871
ord960
ord936
ord857
ord971
ord904
ord903
ord935
ord908
ord862
ord396
ord946
ord845
ord869
ord1110
ord836
ord838
ord925
ord855
ord912
ord394
ord949
ord889
ord863
ord918
ord879
ord930
ord854
ord915
ord922
ord941
ord924
ord968
ord977
ord987
ord1002
ord928
ord1005
ord1001
ord1015
ord1013
ord1018
ord853
ord921
ord992
ord852
ord993
ord965
ord851
ord961
ord1138
ord860
ord931
ord995
ord978
ord1107
ord1100
ord1137
ord1103
ord1102
ord1112
ord1111
ord868
ord1090
ord966
ord1095
ord873
ord973
ord969
ord947
ord872
ord943
ord1136
ord1109
ord861
ord907
ord962
ord888
ord902
ord887
ord890
ord891
ord892
ord952
ord951
ord950
ord932
ord933
ord934
ord917
ord920
ord939
ord940
ord886
ord938
ord937
ord926
ord874
ord850
ord899
ord898
ord956
ord955
ord699
ord697
ord375
ord610
ord372
ord286
ord264
ord172
ord981
ord870
ord846
ord906
ord877
ord568
ord844
ord1104

d3d11

D3D11CreateDevice

kernel32

DecodePointer
GetStringTypeW
GetFileSizeEx
SetStdHandle
GetConsoleCP
WriteFile
FlushFileBuffers
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleMode
SetFilePointerEx
HeapSize
GetFileType
GetStdHandle
LCMapStringW
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleExW
ExitProcess
RaiseException
RtlUnwind
LoadLibraryW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
WriteConsoleW
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
GetCurrentThread
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
Sleep
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceCounter
TryEnterCriticalSection
GetLastError
CloseHandle
CreateFileW
VirtualFree
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection

user32

OffsetRect
ShowWindow
SetWindowPos
GetWindowRect
GetWindowLongW
GetClientRect
GetParent
SetWindowLongW

gdi32

GetObjectW

Exports

Exports

SEFree
SEFunction
SEGetSIPrototype
SEInitialize

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/mmf2d3d8.dll
.dll windows:5 windows x86 arch:x86

Password: infected

64b0686318eee36fb6b5e0aeeba27718

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/11/2020, 00:00

Not After

08/01/2023, 23:59

Subject

CN=Clickteam SARL,O=Clickteam SARL,L=Boulogne Billancourt,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:80:97:cd:2c:62:ef:b6:15:81:d8:a9:14:ce:d6:f1:9c:dc:58:58
Signer

Actual PE Digest

fb:80:97:cd:2c:62:ef:b6:15:81:d8:a9:14:ce:d6:f1:9c:dc:58:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord397
ord395
ord751
ord568
ord610
ord286
ord264
ord1112
ord1111
ord1110
ord971
ord969
ord978
ord1095
ord966
ord965
ord1018
ord962
ord961
ord1138
ord960
ord1107
ord956
ord955
ord952
ord951
ord950
ord949
ord977
ord947
ord946
ord903
ord943
ord941
ord940
ord1001
ord396
ord836
ord838
ord925
ord844
ord924
ord968
ord855
ord394
ord981
ord1137
ord1100
ord845
ord846
ord850
ord851
ord852
ord939
ord938
ord937
ord936
ord935
ord1005
ord934
ord1103
ord933
ord932
ord1002
ord931
ord930
ord1109
ord928
ord624
ord926
ord922
ord921
ord920
ord919
ord918
ord1102
ord917
ord995
ord915
ord912
ord993
ord992
ord908
ord907
ord906
ord987
ord904
ord1015
ord902
ord899
ord898
ord892
ord891
ord890
ord889
ord888
ord887
ord886
ord879
ord877
ord1013
ord874
ord973
ord873
ord872
ord871
ord870
ord869
ord1090
ord868
ord1136
ord863
ord862
ord861
ord860
ord857
ord854
ord853

d3d8

Direct3DCreate8

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
DecodePointer
GetStringTypeW
HeapAlloc
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
IsProcessorFeaturePresent
WriteFile
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapFree
CloseHandle
GetVersionExA
CreateFileW
GetLastError
WideCharToMultiByte
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
MultiByteToWideChar
Sleep

user32

DrawTextW
DrawTextA
GetMonitorInfoA
MonitorFromWindow
SystemParametersInfoA
GetParent
SetWindowLongA
GetWindowLongA
OffsetRect
ShowWindow
ReleaseDC
GetDC
DrawTextExW
GetSystemMetrics
SetWindowPos
GetWindowRect

gdi32

SetBkColor
DeleteDC
CreateDIBSection
CreateCompatibleDC
CreateFontIndirectA
DeleteObject
SetBkMode
SetTextColor
SelectObject
GetObjectA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

Exports

Exports

SEFree
SEGetSIPrototype
SEInitialize

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/mmf2d3d9.dll
.dll windows:5 windows x86 arch:x86

Password: infected

180c83ab59795576d7f7665df0409410

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/11/2020, 00:00

Not After

08/01/2023, 23:59

Subject

CN=Clickteam SARL,O=Clickteam SARL,L=Boulogne Billancourt,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d5:63:e3:05:16:c5:02:56:ce:72:6c:97:3e:4e:65:0c:5a:21:38:2f
Signer

Actual PE Digest

d5:63:e3:05:16:c5:02:56:ce:72:6c:97:3e:4e:65:0c:5a:21:38:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord397
ord395
ord751
ord568
ord610
ord286
ord264
ord1112
ord1111
ord1110
ord971
ord969
ord978
ord1095
ord966
ord965
ord1018
ord926
ord396
ord836
ord838
ord925
ord844
ord924
ord968
ord855
ord394
ord981
ord1137
ord1100
ord845
ord846
ord850
ord851
ord962
ord961
ord1138
ord960
ord1107
ord956
ord955
ord952
ord951
ord950
ord949
ord977
ord947
ord946
ord903
ord943
ord941
ord940
ord939
ord938
ord937
ord936
ord935
ord1005
ord934
ord1103
ord933
ord932
ord1002
ord931
ord930
ord1109
ord928
ord1001
ord624
ord922
ord921
ord920
ord919
ord918
ord1102
ord917
ord995
ord915
ord912
ord993
ord992
ord908
ord907
ord906
ord987
ord904
ord1015
ord902
ord899
ord898
ord892
ord891
ord890
ord889
ord888
ord887
ord886
ord879
ord877
ord1013
ord874
ord973
ord873
ord872
ord871
ord870
ord869
ord1090
ord868
ord1136
ord863
ord862
ord861
ord860
ord857
ord854
ord853
ord852

d3d9

Direct3DCreate9

kernel32

GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
DecodePointer
GetStringTypeW
GetACP
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
VirtualQuery
EncodePointer
SetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
GetConsoleCP
FindClose
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
HeapSize
HeapReAlloc
FreeLibrary
GetFullPathNameA
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiA
WriteFile
OutputDebugStringA
UnmapViewOfFile
CloseHandle
CreateFileW
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
Sleep
MultiByteToWideChar
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetVersionExA
WideCharToMultiByte
GetSystemInfo
IsProcessorFeaturePresent
LoadLibraryA
GetModuleHandleA
GetProcAddress
VirtualFree
VirtualAlloc
InterlockedExchange
InterlockedCompareExchange
GetLastError

user32

GetMonitorInfoA
MonitorFromWindow
SystemParametersInfoA
GetParent
SetWindowLongA
GetWindowLongA
OffsetRect
GetWindowRect
ShowWindow
GetDC
GetTabbedTextExtentW
DrawTextExW
GetSystemMetrics
SetWindowPos
ReleaseDC

gdi32

CreateDIBSection
DeleteDC
DeleteObject
GetCharacterPlacementA
GetCharacterPlacementW
SetTextColor
SetBkColor
SetBkMode
GetGlyphOutlineA
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
GetTextMetricsA
GetObjectW
GetTextMetricsW
SelectObject
GetObjectA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

Exports

Exports

SEFree
SEGetSIPrototype
SEInitialize

Sections

.text
Size: 877KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/mmfs2.dll
.dll windows:5 windows x86 arch:x86

fb76a0ebed426f70a384439c25a3c837

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/11/2020, 00:00

Not After

08/01/2023, 23:59

Subject

CN=Clickteam SARL,O=Clickteam SARL,L=Boulogne Billancourt,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:24:42:a9:0d:79:7f:c2:14:4e:bc:30:e3:c0:ff:43:4e:bd:74:f3
Signer

Actual PE Digest

6e:24:42:a9:0d:79:7f:c2:14:4e:bc:30:e3:c0:ff:43:4e:bd:74:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeSetEvent
timeGetTime
mciSendCommandW
mciSendCommandA
timeKillEvent

ddraw

DirectDrawCreate

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
LCMapStringW
DecodePointer
GetProcessHeap
HeapReAlloc
GetACP
GetStdHandle
HeapAlloc
GetModuleHandleExW
ExitProcess
HeapCompact
HeapSize
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetVersion
InterlockedExchange
LocalFree
LocalAlloc
WriteConsoleW
SetErrorMode
GetCurrentProcessId
FindResourceA
GetSystemInfo
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
FreeResource
CreateFileW
CreateFileA
CloseHandle
SetFilePointerEx
SetFilePointer
ReadFile
WriteFile
GetLastError
GetVersionExW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
LoadLibraryW
LoadLibraryA
FindClose
GetProcAddress
FreeLibrary
GetVersionExA
FindResourceW
LoadResource
LockResource
Sleep
GetModuleFileNameA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
HeapFree

user32

GetWindow
SetActiveWindow
RegisterClassExA
RegisterClassA
PeekMessageA
DispatchMessageA
TranslateMessage
ChangeDisplaySettingsA
ClientToScreen
GetClassNameA
GetWindowDC
CreateIconIndirect
IntersectRect
DrawTextExW
DrawTextExA
SetRect
LoadStringW
LoadStringA
SetDlgItemTextW
GetWindowLongA
GetSysColor
ScreenToClient
MessageBoxW
InvalidateRect
SetDlgItemTextA
SetDlgItemInt
GetDlgItem
ShowWindow
DrawEdge
wsprintfW
CopyRect
DrawFocusRect
SendMessageW
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcW
DefFrameProcA
GetClassNameW
GetParent
FillRect
EndPaint
BeginPaint
IsIconic
DefWindowProcW
DefWindowProcA
EnumDisplaySettingsA
LoadCursorA
SetWindowLongW
SetWindowLongA
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
ReleaseDC
GetDC
SetMenu
GetSystemMetrics
GetKeyboardState
SetWindowPos
DestroyWindow
CreateWindowExW
CreateWindowExA
SendMessageA

gdi32

BitBlt
SetDIBits
SelectClipRgn
IntersectClipRect
GetDIBits
GetClipRgn
DeleteDC
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
ExtTextOutW
ExtTextOutA
GetObjectW
GetObjectA
SetTextAlign
SetTextColor
GetTextAlign
CreateFontIndirectW
StretchBlt
RealizePalette
GetPaletteEntries
CreatePalette
GdiFlush
Polyline
SetROP2
SetBkMode
SetBkColor
SelectObject
Rectangle
GetClipBox
SetPixel
SelectPalette
GetSystemPaletteEntries
GetStockObject
GetPixel
GetDeviceCaps
DeleteObject
CreateFontIndirectA
StretchDIBits
MoveToEx
Polygon
CreateDIBSection
SetDIBColorTable
SetWindowOrgEx
CreateSolidBrush
Ellipse
CreateHalftonePalette
CreatePen
LineTo

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameA

dsound

ord1

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/oggflt.sft
.dll windows:4 windows x86 arch:x86

8c071a971a35f2e806d3d72ab5fda000

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord259
ord283
ord738

msvcrt

malloc
realloc
memmove
free
memchr
floor
_ftol
calloc
qsort
exit
frexp
ceil
_CIpow
ldexp
_errno
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
_initterm
_adjust_fdiv

Exports

Exports

CanReadFile
CreateFilter
GetFilterExts
GetFilterID
GetFilterName

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/Modules/waveFlt.sft
.dll windows:4 windows x86 arch:x86

a37b82eab5fe34efed01d6399d87638b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mmfs2

ord259
ord283
ord738

msvcrt

??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
malloc
_ftol
free
_initterm
_adjust_fdiv

Exports

Exports

CanReadFile
CreateFilter
GetFilterExts
GetFilterID
GetFilterName

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 583B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fnaf plus 5.5/fnafplus.dat
fnaf plus 5.5/fnafplus.exe
.exe windows:5 windows x86 arch:x86

1c4661ad7d3fc8350c55edf0f712d992

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

winmm

timeBeginPeriod
joyGetDevCapsW
joyGetPosEx
timeEndPeriod

kernel32

WideCharToMultiByte
GlobalAddAtomW
GlobalDeleteAtom
lstrlenW
GetCommandLineW
GetExitCodeProcess
GlobalAlloc
GlobalLock
GlobalUnlock
SetErrorMode
GetCurrentDirectoryW
GlobalFree
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileA
FindFirstFileExA
DecodePointer
GetFileType
GetProcessHeap
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
IsValidCodePage
GetStringTypeW
GetCPInfo
HeapFree
HeapReAlloc
HeapAlloc
GetStdHandle
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
SetEnvironmentVariableW
DeleteFileW
HeapSize
GetACP
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlUnwind
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
SetCurrentDirectoryW
FindNextFileW
CreateMutexW
WriteFile
GetModuleFileNameW
Sleep
ReleaseMutex
WaitForSingleObject
FindClose
FindFirstFileW
CloseHandle
SetFilePointer
GetLastError
ReadFile
CreateFileW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
WriteConsoleW
RemoveDirectoryW
GetVersionExW
GetLocaleInfoW
FreeLibrary
GetProcAddress
LoadLibraryExW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
GetModuleFileNameA

user32

OffsetRect
DestroyWindow
PostQuitMessage
DrawTextW
FillRect
GetUpdateRect
DefMDIChildProcW
EndPaint
BeginPaint
InflateRect
GetClassNameW
GetDlgItemTextW
SendDlgItemMessageW
EndDialog
GetDlgItem
SetDlgItemTextW
DrawEdge
MapVirtualKeyW
GetInputState
DrawMenuBar
SetMenuInfo
DestroyMenu
LoadMenuIndirectW
GetMenuItemCount
SetWindowPlacement
GetWindowPlacement
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetDesktopWindow
GetSystemMenu
UpdateWindow
GetWindow
RegisterClassW
GetTabbedTextExtentW
ModifyMenuW
GetMenuStringW
DialogBoxIndirectParamW
GetMenuItemID
RegisterClassExW
LoadImageW
LoadIconW
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
RedrawWindow
IsIconic
IsDialogMessageW
SetTimer
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IsClipboardFormatAvailable
CheckMenuItem
EnableMenuItem
GetMenu
PtInRect
PostMessageW
InvalidateRect
SetFocus
GetFocus
CallWindowProcW
RemovePropW
SetPropW
SetWindowLongW
GetPropW
MessageBoxW
GetParent
GetActiveWindow
ShowCursor
SetCapture
ReleaseCapture
GetKeyState
GetWindowRect
GetWindowDC
SetCursorPos
ClientToScreen
ScreenToClient
GetCursorPos
LoadStringW
MapWindowPoints
SetWindowPos
IsZoomed
GetWindowLongW
AdjustWindowRectEx
SendMessageW
LockWindowUpdate
ShowWindow
IsWindowVisible
GetClientRect
SetWindowTextW
wsprintfW
IntersectRect
KillTimer
DestroyIcon
GetSubMenu
DeleteMenu
GetMenuState
LoadCursorW
SetCursor
SystemParametersInfoW
GetSysColor
ReleaseDC
CreateIconIndirect
GetDC
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
TranslateMDISysAccel
GetMessageW
PeekMessageW
DialogBoxParamW

gdi32

CreatePalette
SelectPalette
RealizePalette
EnumFontFamiliesExW
GetStockObject
SelectObject
GetTextExtentPointW
GetDeviceCaps
GetObjectW
CreateFontIndirectW
DeleteObject
CreatePen
Rectangle
LineTo
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
CreateRectRgn
GetClipRgn
ExcludeClipRect
SelectClipRgn
SetDIBits
CreateCompatibleBitmap
CreateSolidBrush
CreateBitmap

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

DragFinish
DragQueryFileW
ShellExecuteExW
DragAcceptFiles

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d82a75f35f09c2900baf6b3b35d9f046

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3cCertificate

Extended Key Usages

Key Usages

52:8a:24:5a:10:9c:fd:93:ad:2b:21:bd:9e:ef:24:78:9f:1f:d3:91Signer

Headers

DLL Characteristics

File Characteristics

Imports

mmfs2

kernel32

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

Password: infected

10f7671c7ae2b31eb10c6a797d2a33e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6d:a5:3f:b9:e4:d2:d3:75:06:fc:f3:31:68:db:11:10Certificate

Extended Key Usages

Key Usages

d5:10:d9:1b:0e:fe:f4:d0:ca:dd:07:4a:40:60:4a:e6:00:42:0f:deSigner

Headers

DLL Characteristics

File Characteristics

Imports

mmfs2

winmm

user32

kernel32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 7KB - Virtual size: 6KB

Password: infected

63689c0ff7201b0aa220fa220473dc4e

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3c
Certificate

52:8a:24:5a:10:9c:fd:93:ad:2b:21:bd:9e:ef:24:78:9f:1f:d3:91
Signer

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6d:a5:3f:b9:e4:d2:d3:75:06:fc:f3:31:68:db:11:10
Certificate

d5:10:d9:1b:0e:fe:f4:d0:ca:dd:07:4a:40:60:4a:e6:00:42:0f:de
Signer

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 104B

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 506B

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 672B

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 4KB - Virtual size: 232B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:06:71:9c:4a:1a:31:e2:5f:f2:72:51:72:f1:b6:3c
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

d6:db:4c:0d:bb:14:0a:5f:59:12:b6:22:3a:71:da:e3:99:e0:5e:d9
Signer

.text
Size: 313KB - Virtual size: 312KB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 9KB - Virtual size: 12KB